Bug 2025095 (CVE-2021-22929)

| Summary: | CVE-2021-22929 tor: v2 onion service metadata leak on disk | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED UPSTREAM | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | unspecified | CC: | lewk, mh, msaulnier, pablo, paul.wouters, rh-bugzilla, s |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Last Closed: | 2021-11-19 21:18:39 UTC | Type: | --- |
| Bug Depends On: | 2025096, 2025097 | | |

Created tor tracking bugs for this issue:

Affects: epel-all [bug 2025097]
Affects: fedora-all [bug 2025096]

This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.

tor from 0.4.5.8 before 0.4.6.8 would log v2 onion services access attempt warnings on disk excessively, allowing time-correlation.

o Minor bugfixes (onion service, TROVE-2021-008):
  - Only log v2 access attempts once total, in order to not pollute the logs with warnings and to avoid recording the times on disk when v2 access was attempted. Note that the onion address was _never_ logged. This counts as a Low-severity security issue. Fixes bug 40474; bugfix on 0.4.5.8.

References:

https://gitlab.torproject.org/tpo/core/tor/-/issues/40474
https://gitlab.torproject.org/tpo/core/tor/-/commit/602dcd8e3774b09242787ba3b0f0e0599530638a